Hello,
We'll create some new indexes that should improve site performance. To do this, we need to set the wikis to read only at 3 a.m. UTC (5a.m. Berlin/Paris, about 10 p.m. Chicago). The downtime will take about 2 hours.
Thanks for your understanding.
JeLuF
Jens Frank wrote:
We'll create some new indexes that should improve site performance. To do this, we need to set the wikis to read only at 3 a.m. UTC (5a.m. Berlin/Paris, about 10 p.m. Chicago). The downtime will take about 2 hours.
While we're on this, that would be a good time to run the password hash salting.
We'd originally held off on that because a migration to shared user accounts could change user IDs (and thus the salt), breaking all password hashes. However it looks like the type of shared account system we'll end up with is going to be a central account + local accounts, and a mass migration isn't necessary: people will 'upgrade' their accounts and be able to punch in their password for confirmation at the time.
For that type of scheme the salt will not be an issue, so we've got no excuse not to do it.
(For those who didn't notice, Slashdot ran a scaremongering "story" today about a list of troll accounts Tim made almost a year ago by comparing password hashes under the title "Wikipedia Leaks Some Users' Passwords". Slashdot's fun, but it's not journalism; don't expect to ever get an e-mail from a Slashdot editor asking for comment or confirmation on facts... Anyway, at least it reminded us we haven't finished the salted hash transition.)
-- brion vibber (brion @ pobox.com)
Brion Vibber wrote:
Jens Frank wrote:
We'll create some new indexes that should improve site performance. To do this, we need to set the wikis to read only at 3 a.m. UTC (5a.m. Berlin/Paris, about 10 p.m. Chicago). The downtime will take about 2 hours.
While we're on this, that would be a good time to run the password hash salting.
Done.
The other indexes are still building, we'll be back online soon enough... :)
-- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNED MESSAGE-----
Moin,
On Wednesday 01 June 2005 06:21, Brion Vibber wrote:
Brion Vibber wrote:
Jens Frank wrote:
We'll create some new indexes that should improve site performance. To do this, we need to set the wikis to read only at 3 a.m. UTC (5a.m. Berlin/Paris, about 10 p.m. Chicago). The downtime will take about 2 hours.
While we're on this, that would be a good time to run the password hash salting.
Done.
The other indexes are still building, we'll be back online soon enough... :)
Arg, I was not fast enough. I just wanted to say that I am shocked that wikipedia didn't already salt the passwords.
And in addition, I hope that now not only the passwords are salted, but actually include more measures against brute-forcing, like hashing the password 10000 times, or using something stronger than MD5.
But I fear it is again too late for adding that :/
Best wishes,
Tels
- -- Signed on Wed Jun 1 18:48:11 2005 with key 0x93B84C15. Visit my photo gallery at http://bloodgate.com/photos/ PGP key on http://bloodgate.com/tels.asc or per email.
"Nuclear powered vacuum cleaners will probably be ready within 10 years." Alex Lewyt, of the Lewyt Corporation, a vacuum maker, predicted in The New York Times on June 10, 1955 -- A warning to all technophiles
Tels wrote:
And in addition, I hope that now not only the passwords are salted, but actually include more measures against brute-forcing, like hashing the password 10000 times, or using something stronger than MD5.
That doesn't make it any more resistant against brute-forcing.
Timwi
wikitech-l@lists.wikimedia.org